Skip to content

Tests: LDAP+KRB5 krb_misc tests#8655

Open
madhuriupadhye wants to merge 1 commit into
SSSD:sssd-2-13from
madhuriupadhye:bp_ldap_krb
Open

Tests: LDAP+KRB5 krb_misc tests#8655
madhuriupadhye wants to merge 1 commit into
SSSD:sssd-2-13from
madhuriupadhye:bp_ldap_krb

Conversation

@madhuriupadhye
Copy link
Copy Markdown
Contributor

@madhuriupadhye madhuriupadhye commented Apr 28, 2026

Ported following test case:

  • kpasswd: BZ 847039: login works when krb5_kpasswd is unresolvable (kpasswd not needed for auth).
  • high UID: BZ 798655: auth and logs stay clean with a setuid(-1) helper process running.
  • password change: GH 677: SSH passwd with chpass_provider=krb5 logs initial auth in krb5_child.log.

Backporting of #8612

@madhuriupadhye madhuriupadhye requested review from aplopez, danlavu and spoore1 and removed request for danlavu April 28, 2026 11:00
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request adds three new system tests to the SSSD test suite, covering authentication scenarios with unresolvable kpasswd, handling of setuid(-1) helper processes, and password changes via SSH. The review feedback highlights the need to explicitly set the SSSD debug level to ensure logs are captured correctly for assertions, suggests reordering log checks to ensure they run even if authentication fails, and recommends adding a sleep delay to avoid race conditions when reading log files.

Comment thread src/tests/system/tests/test_ldap_krb5.py
Comment thread src/tests/system/tests/test_ldap_krb5.py Outdated
Comment thread src/tests/system/tests/test_ldap_krb5.py
Comment thread src/tests/system/tests/test_ldap_krb5.py
spoore1
spoore1 approved these changes Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@spoore1 spoore1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While I think some of the gemini review comments are worth at least taking note of, this backport to sssd-2-13 looks good to me.

@alexey-tikhonov alexey-tikhonov added the no-backport This should go to target branch only. label Apr 28, 2026
@alexey-tikhonov alexey-tikhonov removed the request for review from aplopez April 28, 2026 14:50
@sssd-bot
Copy link
Copy Markdown
Contributor

sssd-bot commented Apr 28, 2026

The pull request was accepted by @alexey-tikhonov with the following PR CI status:

🟢 rpm-build:centos-stream-10-x86_64:upstream (success)
🟢 rpm-build:fedora-42-x86_64:upstream (success)
🟢 rpm-build:fedora-43-x86_64:upstream (success)
🟢 rpm-build:fedora-44-x86_64:upstream (success)
🟢 rpm-build:fedora-rawhide-x86_64:upstream (success)

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

danlavu
danlavu requested changes Apr 29, 2026
View reviewed changes
Comment thread src/tests/system/tests/test_ldap_krb5.py Outdated
Comment thread src/tests/system/tests/test_ldap_krb5.py Outdated
Comment thread src/tests/system/tests/test_ldap_krb5.py
Comment thread src/tests/system/tests/test_ldap_krb5.py Outdated
Comment thread src/tests/system/tests/test_ldap_krb5.py Outdated
Comment thread src/tests/system/tests/test_ldap_krb5.py Outdated
Comment thread src/tests/system/tests/test_ldap_krb5.py Outdated
Comment thread src/tests/system/tests/test_ldap_krb5.py Outdated
Comment thread src/tests/system/tests/test_ldap_krb5.py
@madhuriupadhye madhuriupadhye mentioned this pull request Apr 30, 2026
Open
@madhuriupadhye madhuriupadhye force-pushed the bp_ldap_krb branch 2 times, most recently from a2bbc56 to 478c06d Compare April 30, 2026 16:03
@madhuriupadhye madhuriupadhye requested a review from danlavu April 30, 2026 16:04
danlavu
danlavu approved these changes May 11, 2026
View reviewed changes
Copy link
Copy Markdown

@danlavu danlavu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@madhuriupadhye @sssd-bot
Tests: LDAP+KRB5 krb_misc tests
7fd8200 
Ported following test case:

- kpasswd: BZ 847039: login works when krb5_kpasswd is
  unresolvable (kpasswd not needed for auth).
- high UID: BZ 798655: auth and logs stay clean with a
  setuid(-2) helper process running.
- password change: GH 677: SSH passwd with
  chpass_provider=krb5 logs initial auth in krb5_child.log.

Backporting of SSSD#8612

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Dan Lavu <dlavu@redhat.com>
Reviewed-by: Scott Poore <spoore@redhat.com>
@sssd-bot
Copy link
Copy Markdown
Contributor

sssd-bot commented May 11, 2026

The pull request was accepted by @madhuriupadhye with the following PR CI status:

🟢 rpm-build:centos-stream-10-x86_64:upstream (success)
🟢 rpm-build:fedora-42-x86_64:upstream (success)
🟢 rpm-build:fedora-43-x86_64:upstream (success)
🟢 rpm-build:fedora-44-x86_64:upstream (success)
🟢 rpm-build:fedora-rawhide-x86_64:upstream (success)

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@danlavu danlavu danlavu approved these changes

@spoore1 spoore1 spoore1 approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@danlavu danlavu

@spoore1 spoore1

Labels

Accepted no-backport This should go to target branch only. Tests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@madhuriupadhye @sssd-bot @danlavu @spoore1 @aplopez @alexey-tikhonov